HTTP folk in IETF did a nice job with digest auth (http://www.ietf.org/rfc/=
rfc2617.txt), balancing the need for cryptographic strength with HTTP desig=
n precepts. US Realty uses it always - when RETS client talk to RETS data s=
ervers, where the RETS was essentially a branch off the general RDF/SPARQL =
initiative, about 5 years ago. (RETS was a viciously simplified version of =
the RDF technology of the day, mostly cutting out all the dogma-of-the-day.=
.. that was hampering adoption.)
You may also want to revisit http://tools.ietf.org/html/rfc2693; Perhaps it=
s time, now, to review well articulated security concepts.10 years ago, it =
was not time - as the initiative got itself involved in a doctrinal war, ex=
pressed as usual as dogma. Read today, the document does capture the tradeo=
ffs made then by Rivest/Lampson, Ellison and "Tatu", embracing i) a particu=
lar model of local and global naming, ii) the use of lisp constructs as the=
basis for both policy expression and implementing self-describing policy e=
nforcement logics, and iii) consistency with SSH design precepts that enabl=
e one to implement the distributed logic engine via token passing protocols.
From: Story Henry
Sent: Mon 3/31/2008 8:53 AM
To: foaf-dev Friend of a; Semantic Web
Subject: [foaf-dev] Re: RDFAuth: an initial sketch
_______________________________________________
foaf-dev mailing list
foaf-dev at lists.foaf-project.orghttp://lists.foaf-project.org/mailman/listinfo/foaf-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.usefulinc.com/pipermail/foaf-dev/attachments/20080331/bba=
d9b3f/attachment.htm